New Features in iOS 7 Make iPhone More Secure Than Ever

Yesterday, Apple CEO Tim Cook and his cadre of design-minded pals took to the stage of WWDC and gave consumers a peek at the new iOS 7 that will grace iPhones, iPads, and iPod Touches starting sometime this fall. Most of the coverage has focused on the new (snazzy) look, but Apple is adding some security features of which we heartily approve.

Call, Text, and FaceTime Blocking

Though somewhat downplayed in the company's press release, Apple will be including the ability to block specific numbers. Android developers have been providing this for a while, though it has never been implemented as part of the OS. Some security companies, like Kaspersky Mobile Security, have included call blocking as a key part of their offerings.

Apple, on the other hand, doesn't want to give anyone access to key functionalities like the Phone app, but will be addressing the issue themselves. The company's press release reads, "Phone, FaceTime and Messages blocking to prevent specific people from being able to contact you," indicating that blocking will be a base function that extends to the other apps Apple controls.

While I am relieved, and excited, to see how Apple addresses this, I'm also concerned. In general, Apple is often slow to add new features and prefers to patch vulnerabilities rather than quickly addressing fundamental security issues—like the inability to block numbers. If Apple doesn't get it right out-of-the-box, it could be a long time before they introduce something better.

One nagging question is how this will affect iOS developers who have been working to provide similar blocking services.

Remote Wipe Not the End of the World

For years now, Apple has offered Find My iPhone—a free service that allows you to remotely locate, lock, message, and wipe your phone. Again, this functionality is a mainstay of Android security developers.

For both Android and Apple, remote wipe is a nuclear option. It's the ultimate signal of surrender, partly because all your data is gone (unless you back it up, which you should) but also because the thief is left with a totally blank phone ready for a new owner.

Not so with iOS 7. Soon, even a remotely wiped phone will require your login credentials to unlock it. Again, from Apple's press release, "a new Find My iPhone Activation Lock feature that requires your Apple ID and password before you can turn off Find My iPhone, erase data or re-activate a device after it’s been remotely erased."

The log-in requirement for these features is very much welcome on iOS. The remote wipe security is especially nice, since it means you're not surrendering your phone to a thief. However, this might involve retaining some small amount of user data on the phone to perform the login—though the authentication might be handled via iCloud. If for some reason you needed to completely dissociate yourself from your iPhone remotely, you might not have that option in iOS 7.

iCloud Keychain Attacks Password Managers

We're big on password managers here at SecurityWatch. The experts we've talked to make it clear that simply having a different password for each website will go a long way to keeping you and your data safe. Apple's Keychain on OS X has allowed users to generate and save passwords for years, but in iOS 7 it's coming to mobile as well with iCloud Keychain.

The trouble with existing password managers is that getting to your saved passwords from a mobile device is kind of a hassle—usually involving some cutting and pasting or using a modified browser. Not so with iCloud Keychain. From the press release, "with iCloud Keychain®, your passwords and credit card information are securely stored and available on all your devices, so navigating password protected sites or autofilling during transactions is simple and secure."

From the sound of it, this leaves out login information for apps. As inelegant as cutting and pasting is, LastPass is very flexible. With it, you can generate, save, and retrieve passwords on the fly for websites or applications. Apple's approach doesn't sound like it's going to make a dent in LastPass's game there, but its seamless integration into the browser experience will hopefully get more people taking password security seriously.

How Secure is It?

Unfortunately, we won't know how well Apple implemented these security changes until the new OS rolls out sometime this fall. That said, Apple has done a remarkable job of keeping malicious applications out of the app store, and avoiding attacks despite being such a large, juicy target.

Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps.
Prior to PCMag, Max wrote for the International Digital Times, The International Science Times, and The Mary Sue. He has also been known to write for Geek.com. You can follow him on...